function end_page()
{
global $txp_user, $event, $app_mode, $theme;
if ($app_mode != 'async' && $event != 'tag') {
echo $theme->footer();
callback_event('admin_side', 'body_end');
echo n . '</body>' . n . '</html>';
}
}
/**
* Render the admin-side theme's footer partial via the "admin_side" > "footer" pluggable UI.
* and send the "admin_side" > "body_end" event.
*/
function end_page()
{
global $txp_user, $event, $app_mode, $theme, $textarray_script;
if ($app_mode != 'async' && $event != 'tag') {
echo '</div><!-- /txp-body --><div class="txp-footer">';
echo pluggable_ui('admin_side', 'footer', $theme->footer());
callback_event('admin_side', 'body_end');
echo n . script_js('textpattern.textarray = ' . json_encode($textarray_script)) . n . '</div><!-- /txp-footer --></body>' . n . '</html>';
}
}
/**
* Renders the admin-side footer.
*
* The footer's default markup is provided by a theme. It can
* be further customized via the "admin_side > footer" pluggable
* UI callback event.
*
* In addition to the pluggable UI, this function also calls callback
* events "admin_side > main_content_end" and "admin_side > body_end".
*/
function end_page()
{
global $event, $app_mode, $theme, $textarray_script;
if ($app_mode != 'async' && $event != 'tag') {
callback_event('admin_side', 'main_content_end');
echo n . '</main><!-- /txp-body -->' . n . '<footer role="contentinfo" class="txp-footer">';
echo pluggable_ui('admin_side', 'footer', $theme->footer());
callback_event('admin_side', 'body_end');
echo script_js('textpattern.textarray = ' . json_encode($textarray_script)) . n . '</footer><!-- /txp-footer -->' . n . '</body>' . n . '</html>';
}
}
function end_page()
{
global $txp_user, $event;
if ($event != 'tag') {
echo '<div id="end_page">', navPop() . n, '<a href="http://www.textpattern.com"><img src="txp_img/carver.gif" width="60" height="48" border="0" alt="" /></a>' . n;
echo graf('Textpattern · ' . txp_version) . n;
echo $txp_user ? graf(gTxt('logged_in_as') . ' ' . span(htmlspecialchars($txp_user)) . br . '<a href="index.php?logout=1">' . gTxt('logout') . '</a>', ' id="moniker"') . n . '</div>' : '</div>';
callback_event('admin_side', 'body_end');
echo n . '</body>' . n . '</html>';
}
}
function log_hit($status)
{
global $nolog, $logging;
callback_event('log_hit');
if (!isset($nolog) && $status != '404') {
if ($logging == 'refer') {
logit('refer', $status);
} elseif ($logging == 'all') {
logit('', $status);
}
}
}
/**
* Renders the admin-side footer.
*
* The footer's default markup is provided by a theme. It can be further
* customised via the "admin_side > footer" pluggable UI callback event.
*
* In addition to the pluggable UI, this function also calls callback events
* "admin_side > main_content_end" and "admin_side > body_end".
*/
function end_page()
{
global $event, $app_mode, $theme, $textarray_script;
if ($app_mode != 'async' && $event != 'tag') {
callback_event('admin_side', 'main_content_end');
echo n . '</main><!-- /txp-body -->' . n . '<footer class="txp-footer">';
echo pluggable_ui('admin_side', 'footer', $theme->footer());
callback_event('admin_side', 'body_end');
gTxtScript(array('password_strength_0', 'password_strength_1', 'password_strength_2', 'password_strength_3', 'password_strength_4'), array(), array('admin', 'new_pass_form'));
echo script_js('vendors/dropbox/zxcvbn/zxcvbn.js', TEXTPATTERN_SCRIPT_URL, array('admin', 'new_pass_form')) . script_js('textpattern.textarray = ' . json_encode($textarray_script)) . n . '</footer><!-- /txp-footer -->' . n . '</body>' . n . '</html>';
}
}
function page_list($current)
{
$protected = safe_column('DISTINCT page', 'txp_section', '1=1') + array('error_default');
$criteria = 1;
$criteria .= callback_event('admin_criteria', 'page_list', 0, $criteria);
$rs = safe_rows_start('name', 'txp_page', "{$criteria} order by name asc");
while ($a = nextRow($rs)) {
extract($a);
$link = eLink('page', '', 'name', $name, $name);
$dlink = !in_array($name, $protected) ? dLink('page', 'page_delete', 'name', $name) : '';
$out[] = $current == $name ? tr(td($name) . td($dlink)) : tr(td($link) . td($dlink));
}
return startTable('', '', 'txp-list') . join(n, $out) . endTable();
}
/**
* Constructor.
*
* Creates core Textfilters according to a preference and registers all
* available filters with the core.
*
* This method triggers 'textfilter.register' callback
* event.
*/
public function __construct()
{
if ($filters = get_pref('admin_textfilter_classes')) {
foreach (do_list($filters) as $filter) {
new $filter();
}
} else {
new Plain();
new Nl2Br();
new Textile();
}
$this->filters = array();
callback_event('textfilter', 'register', 0, $this);
}
function css_list($current, $default)
{
$out[] = startTable('', '', 'txp-list');
$criteria = 1;
$criteria .= callback_event('admin_criteria', 'css_list', 0, $criteria);
$rs = safe_rows_start('name', 'txp_css', $criteria);
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$edit = $current != $name ? eLink('css', '', 'name', $name, $name) : txpspecialchars($name);
$delete = $name != $default ? dLink('css', 'css_delete', 'name', $name) : '';
$out[] = tr(td($edit) . td($delete));
}
$out[] = endTable();
return join('', $out);
}
}
function form_list($curname)
{
global $step, $essential_forms, $form_types;
$types = formTypes('', false);
$methods = array('changetype' => array('label' => gTxt('changetype'), 'html' => $types), 'delete' => gTxt('delete'));
$out[] = '<p class="action-create">' . sLink('form', 'form_create', gTxt('create_new_form')) . '</p>';
$criteria = 1;
$criteria .= callback_event('admin_criteria', 'form_list', 0, $criteria);
$rs = safe_rows_start("*", "txp_form", "{$criteria} order by field(type,'" . join("','", array_keys($form_types)) . "') asc, name asc");
if ($rs) {
$ctr = 1;
$prev_type = '';
while ($a = nextRow($rs)) {
extract($a);
$editlink = $curname != $name ? eLink('form', 'form_edit', 'name', $name, $name) : txpspecialchars($name);
$modbox = !in_array($name, $essential_forms) ? '<input type="checkbox" name="selected_forms[]" value="' . $name . '" />' : '';
if ($prev_type != $type) {
$visipref = 'pane_form_' . $type . '_visible';
$group_start = '<div class="form-list-group ' . $type . '"><h3 class="lever' . (get_pref($visipref) ? ' expanded' : '') . '"><a href="#' . $type . '">' . $form_types[$type] . '</a></h3>' . n . '<div id="' . $type . '" class="toggle form-list" style="display:' . (get_pref($visipref) ? 'block' : 'none') . '">' . n . '<ul class="plain-list">' . n;
$group_end = $ctr > 1 ? '</ul></div></div>' . n : '';
} else {
$group_start = $group_end = '';
}
$out[] = $group_end . $group_start;
$out[] = '<li>' . n . '<span class="form-list-action">' . $modbox . '</span><span class="form-list-name">' . $editlink . '</span></li>';
$prev_type = $type;
$ctr++;
}
$out[] = '</ul></div></div>';
$out[] = multi_edit($methods, 'form', 'form_multi_edit');
return form(join('', $out), '', '', 'post', '', '', 'allforms_form') . script_js(<<<EOS
\t\t\t\t\$(document).ready(function() {
\t\t\t\t\t\$('#allforms_form').txpMultiEditForm({
\t\t\t\t\t\t'checkbox' : 'input[name="selected_forms[]"][type=checkbox]',
\t\t\t\t\t\t'row' : '.plain-list li, .form-list-name',
\t\t\t\t\t\t'highlighted' : '.plain-list li'
\t\t\t\t\t});
\t\t\t\t});
EOS
);
}
}
function css($atts)
{
global $css, $doctype;
extract(lAtts(array('format' => 'url', 'media' => 'screen', 'n' => $css, 'name' => $css, 'rel' => 'stylesheet', 'title' => ''), $atts));
if (isset($atts['n'])) {
$name = $n;
trigger_error(gTxt('deprecated_attribute', array('{name}' => 'n')), E_USER_NOTICE);
}
if (empty($name)) {
$name = 'default';
}
if (has_handler('css.url')) {
$url = callback_event('css.url', '', false, compact('name'));
} else {
$url = hu . 'css.php?n=' . urlencode($name);
}
if ($format == 'link') {
return tag_void('link', array('rel' => $rel, 'type' => $doctype != 'html5' ? 'text/css' : '', 'media' => $media, 'title' => $title, 'href' => $url));
}
return txpspecialchars($url);
}
function rss()
{
global $prefs, $thisarticle;
set_error_handler('feedErrorHandler');
ob_clean();
extract($prefs);
extract(doSlash(gpsa(array('limit', 'area'))));
// build filter criteria from a comma-separated list of sections and categories
$feed_filter_limit = get_pref('feed_filter_limit', 10);
$section = gps('section');
$category = gps('category');
if (!is_scalar($section) || !is_scalar($category)) {
txp_die('Not Found', 404);
}
$section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
$category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
$st = array();
foreach ($section as $s) {
$st[] = fetch_section_title($s);
}
$ct = array();
foreach ($category as $c) {
$ct[] = fetch_category_title($c);
}
$sitename .= $section ? ' - ' . join(' - ', $st) : '';
$sitename .= $category ? ' - ' . join(' - ', $ct) : '';
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
// feed header
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag(hu, 'link');
$out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
$out[] = tag(doSpecial($site_slogan), 'description');
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$out[] = callback_event('rss_head');
// feed items
$articles = array();
$section = doSlash($section);
$category = doSlash($category);
if (!$area or $area == 'article') {
$sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
$cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
$rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('rss_entry');
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$Title = escape_title(strip_tags($Title)) . $count;
$thisauthor = get_author_name($AuthorID);
$item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
$articles[$ID] = tag($item, 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uPosted;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
$articles[$id] = tag($item, 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't fudge up the feed
// when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header("Content-Type: application/rss+xml; charset=utf-8");
if (isset($etag)) {
header('ETag: "' . $etag . '"');
}
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
function output_file_download($filename)
{
global $file_error, $file_base_path, $pretext;
callback_event('file_download');
if (!isset($file_error)) {
$filename = sanitizeForFile($filename);
$fullpath = build_file_path($file_base_path, $filename);
if (is_file($fullpath)) {
// Discard any error PHP messages.
ob_clean();
$filesize = filesize($fullpath);
$sent = 0;
header('Content-Description: File Download');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
// Fix for IE6 PDF bug on servers configured to send cache headers.
header('Cache-Control: private');
@ini_set("zlib.output_compression", "Off");
@set_time_limit(0);
@ignore_user_abort(true);
if ($file = fopen($fullpath, 'rb')) {
while (!feof($file) and connection_status() == 0) {
echo fread($file, 1024 * 64);
$sent += 1024 * 64;
ob_flush();
flush();
}
fclose($file);
// Record download.
if (connection_status() == 0 and !connection_aborted()) {
safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
} else {
$pretext['request_uri'] .= $sent >= $filesize ? '#aborted' : "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
}
log_hit('200');
}
} else {
$file_error = 404;
}
}
// Deal with error.
if (isset($file_error)) {
switch ($file_error) {
case 403:
txp_die(gTxt('403_forbidden'), '403');
break;
case 404:
txp_die(gTxt('404_not_found'), '404');
break;
default:
txp_die(gTxt('500_internal_server_error'), '500');
break;
}
}
}
function section_delete()
{
$selected = ps('selected');
$with_articles = safe_rows('Section, Count(*) AS count', 'textpattern', "Section in ('" . join("','", doSlash($selected)) . "') GROUP BY Section");
$protected[] = 'default';
$del['success'] = $del['error'] = array();
foreach ($with_articles as $row) {
$protected[] = $row['Section'];
}
$protected = array_unique($protected);
foreach ($selected as $item) {
if (in_array($item, $protected)) {
$del['error'][] = $item;
} else {
$ret = safe_delete('txp_section', "name = '" . doSlash($item) . "'");
if ($ret) {
$del['success'][] = $item;
} else {
$del['error'][] = $item;
}
}
}
if ($del['success']) {
callback_event('sections_deleted', '', 0, $del['success']);
}
$message = $del['success'] ? gTxt('section_deleted', array('{name}' => join(', ', $del['success']))) : '';
sec_section_list($message);
}
/**
* Processes multi-edit actions.
*
* Accessing requires 'admin.edit' privileges.
*/
function admin_multi_edit()
{
global $txp_user;
require_privs('admin.edit');
$selected = ps('selected');
$method = ps('edit_method');
$changed = array();
$msg = '';
if (!$selected or !is_array($selected)) {
return author_list();
}
$names = safe_column('name', 'txp_users', "name IN (" . join(',', quote_list($selected)) . ") AND name != '" . doSlash($txp_user) . "'");
if (!$names) {
return author_list();
}
switch ($method) {
case 'delete':
$assign_assets = ps('assign_assets');
if (!$assign_assets) {
$msg = array('must_reassign_assets', E_ERROR);
} elseif (in_array($assign_assets, $names)) {
$msg = array('cannot_assign_assets_to_deletee', E_ERROR);
} elseif (remove_user($names, $assign_assets)) {
$changed = $names;
callback_event('authors_deleted', '', 0, $changed);
$msg = 'author_deleted';
}
break;
case 'changeprivilege':
if (change_user_group($names, ps('privs'))) {
$changed = $names;
$msg = 'author_updated';
}
break;
case 'resetpassword':
foreach ($names as $name) {
$passwd = generate_password(PASSWORD_LENGTH);
if (change_user_password($name, $passwd)) {
$email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
if (send_new_password($passwd, $email, $name)) {
$changed[] = $name;
$msg = 'author_updated';
} else {
return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
}
}
}
break;
}
if ($changed) {
return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed)))));
}
author_list($msg);
}
function sanitizeForFile($text)
{
// any overrides?
$out = callback_event('sanitize_for_file', '', 0, $text);
if ($out !== '') {
return $out;
}
// Remove control characters and " * \ : < > ? / |
$text = preg_replace('/[\\x00-\\x1f\\x22\\x2a\\x2f\\x3a\\x3c\\x3e\\x3f\\x5c\\x7c\\x7f]+/', '', $text);
// Remove duplicate dots and any leading or trailing dots/spaces
$text = preg_replace('/[.]{2,}/', '.', trim($text, '. '));
return $text;
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$web = clean_url($web);
$email = clean_url($email);
if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
setCookies($name, $email, $web);
} else {
destroyCookies();
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(strip_tags(deEntBrackets($web)));
$email = doSlash(strip_tags(deEntBrackets($email)));
$message = substr(trim($message), 0, 65535);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$parentid = assert_int($parentid);
$rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
update_lastmod();
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
$backpage = permlinkurl_id($parentid);
}
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
log_hit('302');
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
function log_list($message = '')
{
global $event, $log_list_pageby, $expire_logs_after;
pagetop(gTxt('tab_logs'), $message);
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if ($sort === '') {
$sort = get_pref('log_sort_column', 'time');
}
if ($dir === '') {
$dir = get_pref('log_sort_dir', 'desc');
}
$dir = $dir == 'asc' ? 'asc' : 'desc';
$expire_logs_after = assert_int($expire_logs_after);
safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
switch ($sort) {
case 'ip':
$sort_sql = 'ip ' . $dir;
break;
case 'host':
$sort_sql = 'host ' . $dir;
break;
case 'page':
$sort_sql = 'page ' . $dir;
break;
case 'refer':
$sort_sql = 'refer ' . $dir;
break;
case 'method':
$sort_sql = 'method ' . $dir;
break;
case 'status':
$sort_sql = 'status ' . $dir;
break;
default:
$sort = 'time';
$sort_sql = 'time ' . $dir;
break;
}
set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$criteria = 1;
if ($search_method and $crit != '') {
$verbatim = preg_match('/^"(.*)"$/', $crit, $m);
$crit_escaped = doSlash($verbatim ? $m[1] : str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
$critsql = $verbatim ? array('ip' => "ip = '{$crit_escaped}'", 'host' => "host = '{$crit_escaped}'", 'page' => "page = '{$crit_escaped}'", 'refer' => "refer = '{$crit_escaped}'", 'method' => "method = '{$crit_escaped}'", 'status' => "status = '{$crit_escaped}'") : array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
if (array_key_exists($search_method, $critsql)) {
$criteria = $critsql[$search_method];
$limit = 500;
} else {
$search_method = '';
$crit = '';
}
} else {
$search_method = '';
$crit = '';
}
$criteria .= callback_event('admin_criteria', 'log_list', 0, $criteria);
$total = safe_count('txp_log', "{$criteria}");
echo '<h1 class="txp-heading">' . gTxt('tab_logs') . '</h1>';
echo '<div id="' . $event . '_control" class="txp-control-panel">';
if ($total < 1) {
if ($criteria != 1) {
echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
} else {
echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
}
return;
}
$limit = max($log_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
echo n . log_search_form($crit, $search_method) . '</div>';
$rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
if ($rs) {
echo n . '<div id="' . $event . '_container" class="txp-container">';
echo n . n . '<form action="index.php" id="log_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') . n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . n . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . n . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . n . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . n . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . n . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . n . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status')) . n . '</thead>';
echo '<tbody>';
while ($a = nextRow($rs)) {
extract($a, EXTR_PREFIX_ALL, 'log');
if ($log_refer) {
$log_refer = 'http://' . $log_refer;
$log_refer = '<a href="' . txpspecialchars($log_refer) . '" target="_blank">' . txpspecialchars(soft_wrap($log_refer, 30)) . '</a>';
}
if ($log_page) {
$log_anchor = preg_replace('/\\/$/', '', $log_page);
$log_anchor = soft_wrap(substr($log_anchor, 1), 30);
$log_page = '<a href="' . txpspecialchars($log_page) . '" target="_blank">' . txpspecialchars($log_anchor) . '</a>';
if ($log_method == 'POST') {
$log_page = '<strong>' . $log_page . '</strong>';
}
}
echo tr(n . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit') . td(gTime($log_uTime), '', 'date time') . td(txpspecialchars($log_ip), '', 'log_detail ip') . td(txpspecialchars(soft_wrap($log_host, 30)), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(txpspecialchars($log_method), '', 'log_detail method') . td($log_status, '', 'log_detail status'));
}
echo '</tbody>', n, endTable(), n, '</div>', n, log_multiedit_form($page, $sort, $dir, $crit, $search_method), n, tInput(), n, '</form>', n, graf(toggle_box('log_detail'), ' class="detail-toggle"'), n, '<div id="' . $event . '_navigation" class="txp-navigation">', n, nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit), n, pageby_form('log', $log_list_pageby), n, '</div>', n, '</div>';
}
}
define('TXP_UPDATE', 1);
include txpath . '/update/_update.php';
}
load_elements($event);
register_element_tabs();
if (!empty($admin_side_plugins) and gps('event') != 'plugin') {
load_plugins(1);
}
include txpath . '/lib/txplib_head.php';
// ugly hack, for the people that don't update their admin_config.php
// Get rid of this when we completely remove admin_config and move privs to db
if ($event == 'list') {
require_privs('article');
} else {
require_privs($event);
}
callback_event($event, $step, 1);
// let elements override older /include/txp_foo.php admin pages
if (!controller_name($event)) {
$inc = txpath . '/include/txp_' . $event . '.php';
if (is_readable($inc)) {
include $inc;
}
}
callback_event($event, $step, 0);
$microdiff = getmicrotime() - $microstart;
echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6));
end_page();
} else {
txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable');
}
function do_pings()
{
global $txpcfg, $prefs, $production_status;
# only ping for Live sites
if ($production_status !== 'live') {
return;
}
include_once txpath . '/lib/IXRClass.php';
callback_event('ping');
if ($prefs['ping_textpattern_com']) {
$tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
$tx_client->query('ping.Textpattern', $prefs['sitename'], hu);
}
if ($prefs['ping_weblogsdotcom'] == 1) {
$wl_client = new IXR_Client('http://rpc.pingomatic.com/');
$wl_client->query('weblogUpdates.ping', $prefs['sitename'], hu);
}
}
/**
* Processes multi-edit actions.
*/
function list_multi_edit()
{
global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;
extract(psa(array('selected', 'edit_method')));
if (!$selected || !is_array($selected)) {
return list_list();
}
$selected = array_map('assert_int', $selected);
// Empty entry to permit clearing the categories.
$categories = array('');
foreach ($all_cats as $row) {
$categories[] = $row['name'];
}
$allowed = array();
$field = $value = '';
switch ($edit_method) {
// Delete.
case 'delete':
if (!has_privs('article.delete')) {
if (has_privs('article.delete.own')) {
$allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
}
$selected = $allowed;
}
if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
callback_event('articles_deleted', '', 0, $selected);
callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
update_lastmod('articles_deleted', $selected);
now('posted', true);
now('expires', true);
return list_list(messenger('article', join(', ', $selected), 'deleted'));
}
return list_list();
break;
// Change author.
// Change author.
case 'changeauthor':
$value = ps('AuthorID');
if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
$field = 'AuthorID';
}
break;
// Change category1.
// Change category1.
case 'changecategory1':
$value = ps('Category1');
if (in_array($value, $categories, true)) {
$field = 'Category1';
}
break;
// Change category2.
// Change category2.
case 'changecategory2':
$value = ps('Category2');
if (in_array($value, $categories, true)) {
$field = 'Category2';
}
break;
// Change comment status.
// Change comment status.
case 'changecomments':
$field = 'Annotate';
$value = (int) ps('Annotate');
break;
// Change section.
// Change section.
case 'changesection':
$value = ps('Section');
if (in_array($value, $all_sections, true)) {
$field = 'Section';
}
break;
// Change status.
// Change status.
case 'changestatus':
$value = (int) ps('Status');
if (array_key_exists($value, $statuses)) {
$field = 'Status';
}
if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
$value = STATUS_PENDING;
}
break;
}
$selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");
foreach ($selected as $item) {
if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
$allowed[] = $item['ID'];
}
}
$selected = $allowed;
if ($selected) {
$message = messenger('article', join(', ', $selected), 'modified');
if ($edit_method === 'duplicate') {
$rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");
if ($rs) {
while ($a = nextRow($rs)) {
unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
$a['uid'] = md5(uniqid(rand(), true));
$a['AuthorID'] = $txp_user;
foreach ($a as $name => &$value) {
$value = "`{$name}` = '" . doSlash($value) . "'";
}
if ($id = (int) safe_insert('textpattern', join(',', $a))) {
safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
}
}
}
$message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
} elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
return list_list();
}
update_lastmod('articles_updated', compact('selected', 'field', 'value'));
now('posted', true);
now('expires', true);
callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));
return list_list($message);
}
return list_list();
}
function atom()
{
global $thisarticle;
extract($GLOBALS['prefs']);
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
$area = doSlash(gps('area'));
extract(doSlash(gpsa(array('category', 'section', 'limit'))));
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$out[] = tag(escape_output($sitename), 'title', t_text);
$out[] = tag(escape_output($site_slogan), 'subtitle', t_text);
$out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
$articles = array();
//Atom feeds with mail or domain name
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
$query = array();
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('atom_entry');
$e = array();
$a['posted'] = $uPosted;
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$thisauthor = get_author_name($AuthorID);
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$escaped_title = escape_output($Title);
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$permlink = permlinkurl($a);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='" . $category . "'" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
$e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!empty($articles)) {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
@ob_start("ob_gzhandler");
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if ($imsd >= $last) {
txp_status_header("304 Not Modified");
exit;
}
header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
}
function pagetop($pagetitle, $message = "")
{
global $css_mode, $siteurl, $sitename, $txp_user, $event;
$area = gps('area');
$event = !$event ? 'article' : $event;
$bm = gps('bm');
$privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
$GLOBALS['privs'] = $privs;
$areas = areas();
$area = false;
foreach ($areas as $k => $v) {
if (in_array($event, $v)) {
$area = $k;
break;
}
}
if (gps('logout')) {
$body_id = 'page-logout';
} elseif (!$txp_user) {
$body_id = 'page-login';
} else {
$body_id = 'page-' . $event;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php
echo LANG;
?>
" lang="<?php
echo LANG;
?>
" dir="<?php
echo gTxt('lang_dir');
?>
">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<title>Txp › <?php
echo htmlspecialchars($sitename);
?>
› <?php
echo escape_title($pagetitle);
?>
</title>
<link href="textpattern.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="textpattern.js"></script>
<script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled)
{
confirm('<?php
echo trim(gTxt('cookies_must_be_enabled'));
?>
');
}
<?php
$edit = array();
if ($event == 'list') {
$rs = safe_column('name', 'txp_section', "name != 'default'");
$edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
$rs = getTree('root', 'article');
$edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
$edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
$edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
$edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
$rs = safe_column('name', 'txp_users', "privs not in(0,6)");
$edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
}
if (in_array($event, array('image', 'file', 'link'))) {
$rs = getTree('root', $event);
$edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
}
if ($event == 'plugin') {
$edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
}
if ($event == 'admin') {
$edit['privilege'] = privs();
}
// output JavaScript
?>
function poweredit(elm)
{
var something = elm.options[elm.selectedIndex].value;
// Add another chunk of HTML
var pjs = document.getElementById('js');
if (pjs == null)
{
var br = document.createElement('br');
elm.parentNode.appendChild(br);
pjs = document.createElement('P');
pjs.setAttribute('id','js');
elm.parentNode.appendChild(pjs);
}
if (pjs.style.display == 'none' || pjs.style.display == '')
{
pjs.style.display = 'block';
}
if (something != '')
{
switch (something)
{
<?php
foreach ($edit as $key => $val) {
echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), addslashes($val)) . "</span>';" . n . t . 'break;' . n . n;
}
?>
default:
pjs.style.display = 'none';
break;
}
}
return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script>
<script type="text/javascript" src="jquery.js"></script>
<?php
callback_event('admin_side', 'head_end');
?>
</head>
<body id="<?php
echo $body_id;
?>
">
<?php
callback_event('admin_side', 'pagetop');
?>
<table id="pagetop" cellpadding="0" cellspacing="0">
<tr id="branding"><td><h1 id="textpattern">Textpattern</h1></td><td id="navpop"><?php
echo navPop(1);
?>
</td></tr>
<tr id="nav-primary"><td align="center" class="tabs" colspan="2">
<?php
if (!$bm) {
echo '<table cellpadding="0" cellspacing="0" align="center"><tr>
<td valign="middle" style="width:368px"> ' . $message . '</td>', has_privs('tab.content') ? areatab(gTxt('tab_content'), 'content', 'article', $area) : '', has_privs('tab.presentation') ? areatab(gTxt('tab_presentation'), 'presentation', 'page', $area) : '', has_privs('tab.admin') ? areatab(gTxt('tab_admin'), 'admin', 'admin', $area) : '', (has_privs('tab.extensions') and !empty($areas['extensions'])) ? areatab(gTxt('tab_extensions'), 'extensions', array_shift($areas['extensions']), $area) : '', '<td class="tabdown"><a href="' . hu . '" class="plain" target="_blank">' . gTxt('tab_view_site') . '</a></td>', '</tr></table>';
$secondary = tabsort($area, $event);
if ($secondary) {
echo '</td></tr><tr id="nav-secondary"><td align="center" class="tabs" colspan="2">
<table cellpadding="0" cellspacing="0" align="center"><tr>', $secondary, '</tr></table>';
}
}
echo '</td></tr></table>';
callback_event('admin_side', 'pagetop_end');
}
/**
* Generates and outputs an Atom feed.
*
* This function can only be called once on a page. It outputs an Atom feed
* based on the requested URL parameters. Accepts HTTP GET parameters 'limit',
* 'area', 'section' and 'category'.
*/
function atom()
{
global $thisarticle, $prefs;
set_error_handler('feedErrorHandler');
ob_clean();
extract($prefs);
$last = fetch("UNIX_TIMESTAMP(val)", 'txp_prefs', 'name', 'lastmod');
extract(doSlash(gpsa(array('limit', 'area'))));
// Build filter criteria from a comma-separated list of sections
// and categories.
$feed_filter_limit = get_pref('feed_filter_limit', 10);
$section = gps('section');
$category = gps('category');
if (!is_scalar($section) || !is_scalar($category)) {
txp_die('Not Found', 404);
}
$section = $section ? array_slice(do_list_unique($section), 0, $feed_filter_limit) : array();
$category = $category ? array_slice(do_list_unique($category), 0, $feed_filter_limit) : array();
$st = array();
foreach ($section as $s) {
$st[] = fetch_section_title($s);
}
$ct = array();
foreach ($category as $c) {
$ct[] = fetch_category_title($c);
}
$sitename .= $section ? ' - ' . join(' - ', $st) : '';
$sitename .= $category ? ' - ' . join(' - ', $ct) : '';
$pub = safe_row("RealName, email", 'txp_users', "privs = 1");
// Feed header.
$out[] = tag(htmlspecialchars($sitename), 'title', t_text);
$out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
$out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
// Atom feeds with mail or domain name.
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . join(',', $section) : '') . ($category ? '/' . join(',', $category) : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
$out[] = callback_event('atom_head');
// Feed items.
$articles = array();
$section = doSlash($section);
$category = doSlash($category);
if (!$area or $area == 'article') {
$sfilter = !empty($section) ? "AND Section IN ('" . join("','", $section) . "')" : '';
$cfilter = !empty($category) ? "AND (Category1 IN ('" . join("','", $category) . "') OR Category2 IN ('" . join("','", $category) . "'))" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", 'txp_section', "in_rss != '1'");
$query = array();
foreach ($frs as $f) {
$query[] = "AND Section != '" . doSlash($f) . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$expired = $publish_expired_articles ? " " : " AND (" . now('expires') . " <= Expires OR Expires = " . NULLDATETIME . ") ";
$rs = safe_rows_start("*,\n ID AS thisid,\n UNIX_TIMESTAMP(Posted) AS uPosted,\n UNIX_TIMESTAMP(Expires) AS uExpires,\n UNIX_TIMESTAMP(LastMod) AS uLastMod", 'textpattern', "Status = 4 AND Posted <= " . now('posted') . $expired . join(' ', $query) . "ORDER BY Posted DESC LIMIT {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('atom_entry');
$e = array();
$a['posted'] = $uPosted;
$a['expires'] = $uExpires;
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$thisauthor = get_author_name($AuthorID);
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$escaped_title = htmlspecialchars($Title);
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$permlink = permlinkurl($a);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
// Short feed: use body as summary if there's no excerpt.
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*", 'txp_link', "{$cfilter} ORDER BY date DESC, id DESC LIMIT {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
$e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field("name", 'txp_section', "name IN ('" . join("','", $section) . "')") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field("id", 'txp_category', "name = '{$category}' AND type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field("id", 'txp_category', "name IN ('" . join("','", $category) . "') AND type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
// Turn on compression if we aren't using it already.
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// Make sure notices/warnings/errors don't fudge up the feed when
// compression is used.
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} elseif (isset($cut_etag)) {
header("Vary: If-None-Match");
} elseif (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
// header("HTTP/1.1 226 IM Used");
// This should be used as opposed to 200, but Apache doesn't like it.
// http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the
// status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . txpspecialchars($language) . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
function plugin_multi_edit()
{
$selected = ps('selected');
$method = ps('edit_method');
if (!$selected or !is_array($selected)) {
return plugin_list();
}
$where = "name IN ('" . join("','", doSlash($selected)) . "')";
switch ($method) {
case 'delete':
foreach ($selected as $name) {
if (safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'") & PLUGIN_LIFECYCLE_NOTIFY) {
load_plugin($name, true);
callback_event("plugin_lifecycle.{$name}", 'disabled');
callback_event("plugin_lifecycle.{$name}", 'deleted');
}
}
safe_delete('txp_plugin', $where);
break;
case 'changestatus':
foreach ($selected as $name) {
if (safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'") & PLUGIN_LIFECYCLE_NOTIFY) {
$status = safe_field('status', 'txp_plugin', "name ='" . doSlash($name) . "'");
load_plugin($name, true);
// NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
callback_event("plugin_lifecycle.{$name}", $status ? 'disabled' : 'enabled');
}
}
safe_update('txp_plugin', 'status = (1-status)', $where);
break;
case 'changeorder':
$order = min(max(intval(ps('order')), 1), 9);
safe_update('txp_plugin', 'load_order = ' . $order, $where);
break;
}
$message = gTxt('plugin_' . ($method == 'delete' ? 'deleted' : 'updated'), array('{name}' => join(', ', $selected)));
plugin_list($message);
}
function pagetop($pagetitle, $message = "")
{
global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;
if ($app_mode == 'async') {
return;
}
$area = gps('area');
$event = !$event ? 'article' : $event;
$bm = gps('bm');
$privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
$GLOBALS['privs'] = $privs;
$areas = areas();
$area = false;
foreach ($areas as $k => $v) {
if (in_array($event, $v)) {
$area = $k;
break;
}
}
if (gps('logout')) {
$body_id = 'page-logout';
} elseif (!$txp_user) {
$body_id = 'page-login';
} else {
$body_id = 'page-' . htmlspecialchars($event);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php
echo LANG;
?>
" lang="<?php
echo LANG;
?>
" dir="<?php
echo gTxt('lang_dir');
?>
">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<title>Txp › <?php
echo htmlspecialchars($sitename);
?>
› <?php
echo escape_title($pagetitle);
?>
</title>
<script src="jquery.js" type="text/javascript"></script>
<?php
echo script_js('var textpattern = {event: "' . htmlspecialchars($event) . '", step: "' . htmlspecialchars($step) . '"};');
?>
<script type="text/javascript" src="textpattern.js"></script>
<script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled)
{
confirm('<?php
echo trim(gTxt('cookies_must_be_enabled'));
?>
');
}
<?php
$edit = array();
if ($event == 'list') {
$rs = safe_column('name', 'txp_section', "name != 'default'");
$edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
$rs = getTree('root', 'article');
$edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
$edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
$edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
$edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
$rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
$edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
}
if (in_array($event, array('image', 'file', 'link'))) {
$rs = getTree('root', $event);
$edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
$rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
$edit['author'] = $rs ? selectInput('author', $rs, '', true) : '';
}
if ($event == 'plugin') {
$edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
}
if ($event == 'admin') {
$edit['privilege'] = privs();
$rs = safe_column('name', 'txp_users', '1=1');
$edit_assign_assets = $rs ? selectInput('assign_assets', $rs, '', true) : '';
}
// output JavaScript
?>
function poweredit(elm)
{
var something = elm.options[elm.selectedIndex].value;
// Add another chunk of HTML
var pjs = document.getElementById('js');
if (pjs == null)
{
var br = document.createElement('br');
elm.parentNode.appendChild(br);
pjs = document.createElement('P');
pjs.setAttribute('id','js');
elm.parentNode.appendChild(pjs);
}
if (pjs.style.display == 'none' || pjs.style.display == '')
{
pjs.style.display = 'block';
}
if (something != '')
{
switch (something)
{
<?php
foreach ($edit as $key => $val) {
echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($val))) . "<\\/span>';" . n . t . 'break;' . n . n;
}
if (isset($edit_assign_assets)) {
echo "case 'delete':" . n . t . "pjs.innerHTML = '<label for=\"assign_assets\">" . addslashes(gTxt('assign_assets_to')) . "</label><span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($edit_assign_assets))) . "<\\/span>';" . n . t . 'break;' . n . n;
}
?>
default:
pjs.style.display = 'none';
break;
}
}
return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script>
<?php
echo $theme->html_head();
callback_event('admin_side', 'head_end');
?>
</head>
<body id="<?php
echo $body_id;
?>
" class="<?php
echo $area;
?>
">
<?php
callback_event('admin_side', 'pagetop');
$theme->set_state($area, $event, $bm, $message);
echo pluggable_ui('admin_side', 'header', $theme->header());
callback_event('admin_side', 'pagetop_end');
}
/**
* Remove all language strings for the given lang code.
*
* Removed language code is specified with 'lang_code' HTTP POST
* parameter.
*/
function remove_language()
{
$lang_code = ps('lang_code');
$ret = safe_delete('txp_lang', "lang = '" . doSlash($lang_code) . "'");
if ($ret) {
callback_event('lang_deleted', '', 0, $lang_code);
$msg = gTxt($lang_code) . sp . gTxt('deleted');
} else {
$msg = gTxt('cannot_delete', array('{thing}' => $lang_code));
}
list_languages($msg);
}
function link_multi_edit()
{
global $txp_user, $all_link_cats, $all_link_authors;
// Empty entry to permit clearing the category
$categories = array('');
foreach ($all_link_cats as $row) {
$categories[] = $row['name'];
}
$selected = ps('selected');
if (!$selected or !is_array($selected)) {
link_list();
return;
}
$selected = array_map('assert_int', $selected);
$method = ps('edit_method');
$changed = array();
$key = '';
switch ($method) {
case 'delete':
if (!has_privs('link.delete')) {
if (has_privs('link.delete.own')) {
$selected = safe_column('id', 'txp_link', 'id IN (' . join(',', $selected) . ') AND author=\'' . doSlash($txp_user) . '\'');
} else {
$selected = array();
}
}
foreach ($selected as $id) {
if (safe_delete('txp_link', 'id = ' . $id)) {
$changed[] = $id;
}
}
if ($changed) {
callback_event('links_deleted', '', 0, $changed);
}
$key = '';
break;
case 'changecategory':
$val = ps('category');
if (in_array($val, $categories)) {
$key = 'category';
}
break;
case 'changeauthor':
$val = ps('author');
if (in_array($val, $all_link_authors)) {
$key = 'author';
}
break;
default:
$key = '';
$val = '';
break;
}
if ($selected and $key) {
foreach ($selected as $id) {
if (safe_update('txp_link', "{$key} = '" . doSlash($val) . "'", "id = {$id}")) {
$changed[] = $id;
}
}
}
if ($changed) {
update_lastmod();
link_list(gTxt($method == 'delete' ? 'links_deleted' : 'link_updated', array($method == 'delete' ? '{list}' : '{name}' => join(', ', $changed))));
return;
}
link_list();
}
function txp_die($msg, $status = '503')
{
// 503 status might discourage search engines from indexing or caching the error message
//Make it possible to call this function as a tag, e.g. in an article <txp:txp_die status="410" />
if (is_array($msg)) {
extract(lAtts(array('msg' => '', 'status' => '503'), $msg));
}
// Intentionally incomplete - just the ones we're likely to use
$codes = array('200' => 'OK', '301' => 'Moved Permanently', '302' => 'Found', '304' => 'Not Modified', '307' => 'Temporary Redirect', '401' => 'Unauthorized', '403' => 'Forbidden', '404' => 'Not Found', '410' => 'Gone', '414' => 'Request-URI Too Long', '500' => 'Internal Server Error', '501' => 'Not Implemented', '503' => 'Service Unavailable');
if ($status) {
if (isset($codes[strval($status)])) {
$status = strval($status) . ' ' . $codes[$status];
}
txp_status_header($status);
}
$code = '';
if ($status and $parts = @explode(' ', $status, 2)) {
$code = @$parts[0];
}
callback_event('txp_die', $code);
if (@$GLOBALS['connected']) {
$out = safe_field('user_html', 'txp_page', "name='error_" . doSlash($code) . "'");
if (empty($out)) {
$out = safe_field('user_html', 'txp_page', "name='error_default'");
}
}
if (empty($out)) {
$out = <<<eod
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Textpattern Error: <txp:error_status /></title>
</head>
<body>
<p align="center" style="margin-top:4em"><txp:error_message /></p>
</body>
</html>
eod;
}
header("Content-type: text/html; charset=utf-8");
if (is_callable('parse')) {
$GLOBALS['txp_error_message'] = $msg;
$GLOBALS['txp_error_status'] = $status;
$GLOBALS['txp_error_code'] = $code;
set_error_handler("tagErrorHandler");
die(parse($out));
} else {
$out = preg_replace(array('@<txp:error_status[^>]*/>@', '@<txp:error_message[^>]*/>@'), array($status, $msg), $out);
die($out);
}
}
/**
* Saves or clones a page template.
*/
function page_save()
{
extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));
$name = sanitizeForPage(assert_string(ps('name')));
$newname = sanitizeForPage(assert_string(ps('newname')));
$save_error = false;
$message = '';
if (!$newname) {
$message = array(gTxt('page_name_invalid'), E_ERROR);
$save_error = true;
} else {
if ($copy && $name === $newname) {
$newname .= '_copy';
$_POST['newname'] = $newname;
}
$exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");
if ($newname !== $name && $exists !== false) {
$message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);
if ($savenew) {
$_POST['newname'] = '';
}
$save_error = true;
} else {
if ($savenew or $copy) {
if ($newname) {
if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
update_lastmod('page_created', compact('newname', 'name', 'html'));
$message = gTxt('page_created', array('{name}' => $newname));
} else {
$message = array(gTxt('page_save_failed'), E_ERROR);
$save_error = true;
}
} else {
$message = array(gTxt('page_name_invalid'), E_ERROR);
$save_error = true;
}
} else {
if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
update_lastmod('page_saved', compact('newname', 'name', 'html'));
$message = gTxt('page_updated', array('{name}' => $name));
} else {
$message = array(gTxt('page_save_failed'), E_ERROR);
$save_error = true;
}
}
}
}
if ($save_error === true) {
$_POST['save_error'] = '1';
} else {
callback_event('page_saved', '', 0, $name, $newname);
}
page_edit($message);
}
